jen20/bastionHost.ts Secret

## bastionHost.ts
/*
 * Copyright 2018, James Nugent.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
 * If a copy of the MPL was not distributed with this file, You can obtain one at
 * http://mozilla.org/MPL/2.0/.
 */

import * as aws from "@pulumi/aws";
import { ComponentResource, Output, ResourceOptions } from "@pulumi/pulumi";

export interface BastionHostInputs {
    description: string;

    baseTags: aws.Tags;

    imageId?: string;

    imageNameRegex?: string;

    imageOwner?: string;

    subnetId: Output<string>;

    keyName: Output<string>;

    authorizeSSHFrom?: Output<string>[];

    additionalSecurityGroupIds: Output<string>[];

    instanceType?: aws.ec2.InstanceType;

    instanceProfileId?: Output<string>;
}

export interface BastionHostOutputs {
    instanceId: Output<string>;

    publicIpAddress: Output<string>;
}

export class BastionHost extends ComponentResource implements BastionHostOutputs {
    public publicIpAddress: Output<string>;
    public instanceId: Output<string>;

    public static async create(name: string, inputs: BastionHostInputs,
                               opts?: ResourceOptions): Promise<BastionHost> {
        const instance = new BastionHost(`${name}-bastion-host`, inputs, opts);
        const instanceParent = {parent: instance};

        const baseName = name.toLowerCase();

        const vpcId = await inputs.subnetId.apply((subnetId) => {
            return aws.ec2.getSubnet({
                id: subnetId,
            }).then(r => r.vpcId);
        });

        let ami = "";
        if (inputs.imageId) {
            ami = inputs.imageId;
        } else {
            const amazonLinux2NameRegex = "amzn2-ami-hvm-2*-x86_64-gp2";

            const owners: string[] = [];
            if (inputs.imageOwner) {
                owners.push(inputs.imageOwner);
            }

            ami = (await aws.getAmi({
                nameRegex: inputs.imageNameRegex || amazonLinux2NameRegex,
                owners: owners,
            })).id;
        }

        const ingressSecurityGroup = new aws.ec2.SecurityGroup(`${baseName}-bastion-sg`, {
            description: `${inputs.description} Bastion Ingress`,
            vpcId: vpcId,

            ingress: [{
                description: "SSH Traffic",
                fromPort: 22,
                toPort: 22,
                protocol: "TCP",
                cidrBlocks: inputs.authorizeSSHFrom || ["0.0.0.0/0"],
            }],

            egress: [{
                description: "All Egress Traffic",
                fromPort: 0,
                toPort: 0,
                protocol: "-1",
                cidrBlocks: ["0.0.0.0/0"],
            }],
        }, instanceParent);

        const securityGroupIds: Output<string>[] = [ingressSecurityGroup.id];
        securityGroupIds.push(...inputs.additionalSecurityGroupIds);

        const bastionTags = Object.assign({
            Name: `${inputs.description} Bastion Host`,
        }, inputs.baseTags);
        const bastion = new aws.ec2.Instance(`${baseName}-bastion-instance`, {
            subnetId: inputs.subnetId,
            vpcSecurityGroupIds: securityGroupIds,

            ami: ami,
            keyName: inputs.keyName,

            instanceType: inputs.instanceType || aws.ec2.T2InstanceMicro,
            iamInstanceProfile: inputs.instanceProfileId || undefined,

            tags: bastionTags,
        }, instanceParent);

        instance.instanceId = bastion.id;
        instance.publicIpAddress = bastion.publicIp;

        return instance;
    }

    private constructor(name: string, inputs: BastionHostInputs, opts?: ResourceOptions) {
        super("operator-error:aws:vault:BastionHost", name, inputs, opts);

        this.registerOutputs({
            publicIpAddress: this.publicIpAddress,
            instanceId: this.instanceId,
        });
    }
}
	/*
	* Copyright 2018, James Nugent.
	*
	* This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
	* If a copy of the MPL was not distributed with this file, You can obtain one at
	* http://mozilla.org/MPL/2.0/.
	*/

	import * as aws from "@pulumi/aws";
	import { ComponentResource, Output, ResourceOptions } from "@pulumi/pulumi";

	export interface BastionHostInputs {
	description: string;

	baseTags: aws.Tags;

	imageId?: string;

	imageNameRegex?: string;

	imageOwner?: string;

	subnetId: Output<string>;

	keyName: Output<string>;

	authorizeSSHFrom?: Output<string>[];

	additionalSecurityGroupIds: Output<string>[];

	instanceType?: aws.ec2.InstanceType;

	instanceProfileId?: Output<string>;
	}

	export interface BastionHostOutputs {
	instanceId: Output<string>;

	publicIpAddress: Output<string>;
	}

	export class BastionHost extends ComponentResource implements BastionHostOutputs {
	public publicIpAddress: Output<string>;
	public instanceId: Output<string>;

	public static async create(name: string, inputs: BastionHostInputs,
	opts?: ResourceOptions): Promise<BastionHost> {
	const instance = new BastionHost(`${name}-bastion-host`, inputs, opts);
	const instanceParent = {parent: instance};

	const baseName = name.toLowerCase();

	const vpcId = await inputs.subnetId.apply((subnetId) => {
	return aws.ec2.getSubnet({
	id: subnetId,
	}).then(r => r.vpcId);
	});

	let ami = "";
	if (inputs.imageId) {
	ami = inputs.imageId;
	} else {
	const amazonLinux2NameRegex = "amzn2-ami-hvm-2*-x86_64-gp2";

	const owners: string[] = [];
	if (inputs.imageOwner) {
	owners.push(inputs.imageOwner);
	}

	ami = (await aws.getAmi({
	nameRegex: inputs.imageNameRegex \|\| amazonLinux2NameRegex,
	owners: owners,
	})).id;
	}

	const ingressSecurityGroup = new aws.ec2.SecurityGroup(`${baseName}-bastion-sg`, {
	description: `${inputs.description} Bastion Ingress`,
	vpcId: vpcId,

	ingress: [{
	description: "SSH Traffic",
	fromPort: 22,
	toPort: 22,
	protocol: "TCP",
	cidrBlocks: inputs.authorizeSSHFrom \|\| ["0.0.0.0/0"],
	}],

	egress: [{
	description: "All Egress Traffic",
	fromPort: 0,
	toPort: 0,
	protocol: "-1",
	cidrBlocks: ["0.0.0.0/0"],
	}],
	}, instanceParent);

	const securityGroupIds: Output<string>[] = [ingressSecurityGroup.id];
	securityGroupIds.push(...inputs.additionalSecurityGroupIds);

	const bastionTags = Object.assign({
	Name: `${inputs.description} Bastion Host`,
	}, inputs.baseTags);
	const bastion = new aws.ec2.Instance(`${baseName}-bastion-instance`, {
	subnetId: inputs.subnetId,
	vpcSecurityGroupIds: securityGroupIds,

	ami: ami,
	keyName: inputs.keyName,

	instanceType: inputs.instanceType \|\| aws.ec2.T2InstanceMicro,
	iamInstanceProfile: inputs.instanceProfileId \|\| undefined,

	tags: bastionTags,
	}, instanceParent);

	instance.instanceId = bastion.id;
	instance.publicIpAddress = bastion.publicIp;

	return instance;
	}

	private constructor(name: string, inputs: BastionHostInputs, opts?: ResourceOptions) {
	super("operator-error:aws:vault:BastionHost", name, inputs, opts);

	this.registerOutputs({
	publicIpAddress: this.publicIpAddress,
	instanceId: this.instanceId,
	});
	}
	}